AddressWhat success looks like in this role:
- Analyzing network traffic to identify compromised systems, negate denial of service attacks, and pinpoint resource abuse.
- Incorporate threat intelligence feeds into Microsoft Sentinel to enhance threat detection and response capabilities.
- Develop and implement security automation scripts and playbooks in Microsoft Sentinel to streamline security operations.
- Create reports and documentation related to security incidents, investigations, and overall security posture.
- Supporting priority incident investigations and threat intelligence discoveries with hunting expertise to identify the extent of any potential compromise.
- Respond to security incidents by containing, eradicating, and recovering from them using Microsoft Defender's tools and features.
- Educate users and colleagues about cybersecurity best practices and the use of Microsoft Defender.
- Perform onboarding and offboarding defender agents.
- Troubleshoot Defender agents not reporting to the portal
- Conduct investigations using EDR and live response
- Conduct Vulnerability Assessment using Defender.
- Investigate, identify, and prevent or mitigate abusive activities such as intrusion attempts, DDoS, malware distribution, phishing attacks, etc.
- Monitoring threat/vulnerability landscape and security advisories
- Appropriately manage time and customer issues based on issue severity and business needs
- Continuously monitors the security alerts queue, triages security alerts
- Monitors health of customer security sensors and SIEM infrastructure
- Ensures documented processes and procedures are relevant and up to date
- Investigate, document, and report on any security threat issues as well as emerging trends
- Enabling a world-class cyber defense program by working closely with other technical, vulnerability management, incident management, intelligence analyst and forensic personnel to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors, and ultimately drive improvement to the organizations’ overall security posture
- Notify appropriate business stakeholders about serious security events, implement security improvements by assessing current situation, evaluating market trends, and anticipating requirements
- Perform threat hunting and threat analysis
- Monitor, detect, and analyze network threats
- Employ automation to aid in research and hunting tasks
- Write blogs and papers related to threat hunting and analysis
- Investigate, document, and report all security issues to contribute to incident response
You will be successful in this role if you have:
- Experience conducting hunting with multiple data sources using common hunt methodologies and tooling
- Analyze security logs to identify new threats
- Knowledge of Digital forensics
- Responsive to challenging tasks
- Broad understanding of Windows and Linux Operating Systems, networking protocols and cloud computing
- Ability to multitask and prioritize work effectively
- Highly motivated self-starter
- Proven verbal and written communication skills, with an ability to clearly explain complex technical challenges.
- Certifications on Microsoft tools such as AZ900, SC500 is an advantage.
- Strong skills with a scripting language; Python preferred, JavaScript and/or Perl also valuable.
Qualifications:
- A Bachelor’s or Master's degree from a university (preferably in Computer Science, Engineering, or a related discipline), or equivalent security industry work experience
Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.
This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at GlobalRecruiting@unisys.com or alternatively Toll Free: 888-560-1782 (Prompt 4). US job seekers can find more information about Unisys’ EEO commitment here .
